Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dovecot dovecot - vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2019-10691
The JSON encoder in Dovecot prior to 2.3.5.2 allows malicious users to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username.
Dovecot Dovecot
Opensuse Leap 15.0
445
VMScore
CVE-2017-2669
Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through var_expand() to perform %variable expansion. Sending specially crafted %variab...
Dovecot Dovecot
Debian Debian Linux 8.0
694
VMScore
CVE-2020-7046
lib-smtp in submission-login and lmtp in Dovecot 2.3.9 prior to 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login infinite loop.
Dovecot Dovecot
Fedoraproject Fedora 30
Fedoraproject Fedora 31
187
VMScore
CVE-2021-29157
Dovecot prior to 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver.
Dovecot Dovecot
Fedoraproject Fedora 33
Fedoraproject Fedora 34
445
VMScore
CVE-2020-7957
The IMAP and LMTP components in Dovecot 2.3.9 prior to 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists. This causes a denial of service in which the recipient cannot read all of their messages.
Dovecot Dovecot
Fedoraproject Fedora 30
Fedoraproject Fedora 31
356
VMScore
CVE-2020-28200
The Sieve engine in Dovecot prior to 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension.
Dovecot Dovecot
Fedoraproject Fedora 33
Fedoraproject Fedora 34
445
VMScore
CVE-2019-19722
In Dovecot prior to 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. The email must use a group address as either the sender or the recipient.
Dovecot Dovecot
Fedoraproject Fedora 30
Fedoraproject Fedora 31
436
VMScore
CVE-2020-24386
An issue exists in Dovecot prior to 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure).
Dovecot Dovecot
Debian Debian Linux 10.0
Fedoraproject Fedora 32
445
VMScore
CVE-2020-25275
Dovecot prior to 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts.
Dovecot Dovecot
Debian Debian Linux 10.0
Fedoraproject Fedora 32
383
VMScore
CVE-2015-3420
The ssl-proxy-openssl.c function in Dovecot prior to 2.2.17, when SSLv3 is disabled, allow remote malicious users to cause a denial of service (login process crash) via vectors related to handshake failures.
Dovecot Dovecot
Fedoraproject Fedora 21
Fedoraproject Fedora 20
Fedoraproject Fedora 22
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »